Slashdot Mirror


User: scribblej

scribblej's activity in the archive.

Stories: 0
Comments: 562

Comments · 562

  1. Re:Sooo.... on F-Secure Responds To Criticism of .bank · · Score: 1, Insightful

    What about places that handle "money" and need to be secure but aren't banks?

    Shopping carts, mall websites, payment gateways -- anything with a payment form on the site... they are all attacked more than "banks" right now. It's easier to skim a lot of small insecure sites than hit one big well-protected one. I learned that from Neuromancer.

  2. Re:Linux is not a replacement for Mainframes on NY Stock Exchange Moves To Linux · · Score: 1

    Mainframes are unique in their integration and optimization between the hardware and the operating system they run. It gives you a level of performance, integrity and fault tolerance which cannot be achieved by taking generic hardware and sticking Linux on top.

    Hey, you tell it to Google.

  3. Re:Buy "Scalable Internet Architectures" on Quickly Switching Your Servers to Backups? · · Score: 1

    Thank you Ted. Teddy. Theodore. Theo. Whatever.

    What?! I'm just saying thanks.

  4. TIME TO UPGRADE on OS Combat - Ubuntu Linux Versus Vista · · Score: 1

    My girlfriend runs Ubuntu, and when she wants a "screenshot" of something in the repository, she's bright enough to do a google search.

    Read that however you like. I'm sure someone else has already asked what a screenshot of libfoo looks like.

  5. Re:Things to learn from Windows and OSX. on Virtues of Monoculture, Or Why Microsoft Wins · · Score: 1

    The day the linux kernel gets built-in graphics and windowing is the day nearly everyone stops using it. Seriously. Don't be an idiot.

  6. Re:Well... on Busting the MythBusters' Yawn Experiment · · Score: 1

    Planet Earth has some AWESOME video footage, and there are some AWESOME things that have never been seen before in it. It's great fun to watch.

    It's not stunning science. Whoever wrote the voiceovers (read by THE Sigourney Weaver) did a poor job. There is a lot of rhetoric, not enough science.

  7. Re:So when is this doomsday supposed to be? on New Theory Links Biodiversity to the Stars · · Score: 1

    You rule! You make good points!

    There's bad news, though. Only 144,000 are going to ascend into Heaven. That limits it pretty severely. John says in The Revelation that these 144,000 "had not defiled themselves with women," so if you ARE a woman, or a man who's been with a woman, you're already out. Go ahead and sin.

  8. Re:Vim on Is DVORAK Gaining Traction Among Coders? · · Score: 3, Interesting

    I'm 31, I've been typing since I got my first Commodore-64 in about 1980, and I am in the same boat as you; I am a ridiculously fast two-finger touch-typist. Now, I don't literally use two fingers; I actually type with all my fingers (although the pinkie fingers get very little use).

    People who are touch-typists often are impressed with my typing speed. Everyone assumes I am a touch-typist. Then I invite them to watch my hands when I type.

    I will never forget my typing class in high school; I could type faster than the instructor, but he would have to mark me down because I didn't do it the right way.

  9. Re:Pfff. Locked in a vault? on Windows Vulnerability in Animated Cursor Handling · · Score: 1

    Not anymore; I rooted that box and replaced all its 1s and 0s with 3s. Just go look.

  10. Re:Boy, THIS one is easy. on CBC Recommends Linux To Average User · · Score: 1

    Even better, after a couple years of Linux you can start telling your Windows friends in all honesty, "I can't help you; I don't know Windows."

  11. Re:I know you hate the RIAA on RIAA Caught in Tough Legal Situation · · Score: 1

    CD's came out in 1981, 1981!! CD's came out a year before MS. PAC-MAN. The music studios are long overdue for a technology shift.

    I came out in 1975, seven years before MS PAC MAN.

    I'm still doing fine.

  12. Re:Is this legal? on ISPs May Be Selling Your Web Clicks · · Score: 2, Informative

    I use ComCast.

    When you sign up, they have a disk you are supposed to use to get started.

    It's a damn internet connection. I don't need a disk for that, nor will I use one. Plus, I'm on Linux, which they don't support.

    The practical upshot of this is, I've never seen a contract. I called them up to activate service over the phone. No EULAs, no clicking, no "I agree," nothing.

  13. Re:First... on NASA Backs Quantum Computing Claim · · Score: 1

    In the same vein...

    "They laughed at Galileo! They laughed at the Wright Brothers!"

    Yup.

    They also laughed at Bozo The Clown.

  14. Re:5th grade teacher weighing in.... on Schools Banning Homework? · · Score: 1

    my students need more time to practice long division,

    Ah yes, teaching mathematics by rote symbol manipulation. That's valuable.

  15. Re:Add complexity to your site-specific reg. addr on Best Buy Confirms 'Secret' Version of its Website · · Score: 1

    ... used for communicating with a certain well-known online auction site. ... ebay hasn't shared their customer email list with spammers (yet).

    We'll never guess which well-known online auction site... the suspense is killing me!!!!

  16. Re:Tried it.. worked ok on BitTorrent Video Download Store Falls Flat · · Score: 3, Funny

    The movie I tried (Broken Arrow) worked and the quality was fine.

    If you are trying to tell me the quality of the movie, "Broken Arrow," was acceptable, I have to call BS. I don't think you ever watched it.

  17. Re:GMO! on Vanishing Honeybees Will Affect Future Crops · · Score: 1

    and the fact that non-GMO foods are natural and what we have been eating for millions of years.

    You're not thinking right. I'd love to write a long post about how stupid this comment is, but I really don't have the patience for people who think GMO food is inherently evil and "natural" foods are inherently better. THERE IS NO SIMPLE RULE.

    But here's what I'll say:

    If you can name for me ONE NATURAL FOOD, whether vegetable or animal, that is the same as it was one million years ago, I'll reply to your post with a sincere, "I'm sorry; I'm the idiot."

    I'll even make it one better. Forget a million years. Give me one plant or animal that people eat that is "the same" as it was a mere 10,000 years ago. 10,000! That should be easy, right?

    I'd even push my luck and say you'd be hard-pressed (though I won't now claim it impossible) to find a food we eat that was the same merely a thousand years ago. All our grains, fruits, and vegetables have changed a LOT in the last thousand years. All our domesticated animals, too.

    All our eating animals and eating plants have been carefully cultivated and bred by man for a LONG time, and they have been genetically manipulated, the slow, old-fashioned way -- through selective breeding.

    Anyone who thinks we've been eating the same food for millions of years is totally ignorant. If you think human beings have even been around for millions of years, you've got some studying to do.

  18. Re:Article is Wrong on Who Pays For Credit Card Breaches? · · Score: 1

    Do you work for Bankcard?

    A lot of companies offer chargeback insurance, and I wouldn't necessarily endorse one over another.

  19. Re:Article is Wrong on Who Pays For Credit Card Breaches? · · Score: 1

    Does Bob the Merchant have access to Joe's credit-card billing address?

    No - if he did, we'd have a nice way to verify things. See my other post on AVS: http://slashdot.org/comments.pl?sid=223350&cid=18085442

    The postal database lookup I mentioned would only verify that the input address exists, not that it belongs to Joe.

    Bob could ask Visa/MC if the billing address is the same as what's on file for the card. No, it doesn't eliminate all fraud, but it would certainly reduce it.

    You're right, and he can - my other post above makes the reasons why it doesn't work so well more clear. Most importantly, nothing but the digits get sent to the credit card processing network in the first place, so they can't verify the difference between 123 fake street and 123 oak street, EVEN IF THEY WANT TO. On top of that, if the address is wrong, VISA still approves the transaction - it's up to the merchant to check the response and void the transaction if it's not a response they are happy with.

    Is that Visa/MC's fault, or lack of care at the merchant?

    Oh, it's definitely the merchant's fault. I'm not saying that things should be otherwise; I think things work more or less the way they should in this case. I'm not objecting to the merchant being responsible; I'm just pointing out that they are, and always have been, and PCI doesn't change a thing.

  20. Re:Article is Wrong on Who Pays For Credit Card Breaches? · · Score: 4, Insightful

    Well, of course I was exaggerating when I said "no one." But it's interesting to hear your view. :) I didn't realize newegg provided it.

    As for the "address" info - a very well-written system put in front of the credit card processing networks will do a real postal database lookup on an address. That's nice. It's also exceedingly rare. What you normally get for address verification is what the credit card processing networks themselves provide: AVS, the Address Verification Service.

    A few interesting notes on AVS:

    1) It only validates the digits in the street address and zip code, nothing else. So 123 Fake Street and 123 Oak Street are exactly the same in its eyes.
    2) It never rejects a transaction. Even if the address is wrong, it's approved. It's up to the merchant to check the response from the credit card processing network that says "the address was right" or "the address was wrong" or a dozen values of "the address was kinda' right" and then void the transaction if the response is unacceptable to them.

    2 is becoming a little less true recently, though - several issuing banks have taken it on themselves to reject the transaction even if the AVS standard says they aren't supposed to. I think this is a good thing.

  21. Article is Wrong on Who Pays For Credit Card Breaches? · · Score: 5, Informative

    Merchants have been responsible, not VISA, all along. It's ALWAYS been that way.

    I say that as someone who's been in the industry for ten years, so I'll admit maybe things were vastly different before I got here. But for at LEAST the last decade, merchants have eaten fraudulent charges.

    Here's how it works in a nutshell. I'll assume an internet ("e-commerce") transaction since it's what I'm most familiar with.

    1) Evil bad guy steals a credit card number.
    2) Evil bad guy makes a charge from Bob the Merchant.
    3) Bob the Merchant ships Evil Bad Guy his product.
    4) Joe, the actual owner of the credit card sees the charge on his statement.
    5) Joe calls Bob the Merchant and says, "Why did you charge me?"

    At this point, the only thing Bob the Merchant can do is issue a refund to Joe. He'll never see his product that Evil Bad Guy took, or the money, ever again. What happens if he refuses to give Joe his money?

    6) Joe calls his issuing bank and asks for a chargeback.
    7) Bob the Merchant is forced by his merchant account provider to refund the money to Joe. Also, to pay a chargeback fee of somewhere around $50, and if he gets more than 1% of his charges returned as chargebacks, VISA refuses to ever let him do business with a domestic bank again.

    So who loses here? Not VISA. Not Joe, the cardholder. Not Joe's issuing bank. The merchant is out product and money, and there's jack-all he can do about it.

    There is only one exception I am aware of: Verified by Visa. If a merchant uses VBV on his website, then VISA will guarantee the charges, and if there is a chargeback, VISA will eat the cost. This is a HUGE change from how things have always worked in the past. However, no one uses VBV because it requires the CARDHOLDER to take extra steps to sign up and become active, but the CARDHOLDER has no reason to care, since he's already protected.

    Anyhow. Long before PCI, long before CISP, long before any of the security standards were standards, the merchants were already responsible for all fraudulent charges. It's the way things are. PCI makes a much cleaner audit trail when things go south, but it's not really about fraud nearly as much as it's about data security. There's a few tiny parts of PCI that address a few particular cases of fraud, and ALL the rest of it is about data security and handling policies.

  22. Re:Executable installers.... on "Very Severe Hole" In Vista UAC Design · · Score: 1

    a skilled set of eyes

    Good thing we've got a lot more than just a set on the job then, isn't it?

    *I* might not personally be capable of auditing the complete Debian code base. (All right -- I'll just admit it, I'm not!) I do look at any code I suspect, though, and I trust many others to be doing the same.

    "Many eyes make all bugs shallow."

  23. Re:Executable installers.... on "Very Severe Hole" In Vista UAC Design · · Score: 1

    You do know that when you install software via APT it can run scripts to do anything it likes... right? The package might not be an executable, but apt will happily execute parts contained therein.

    I'm all for bashing Windows, too, but in this case you've got nothing to laugh about.

    Okay, I'll admit there are options to apt, which, if used, might help detect and avoid this kind of problem (like, installing as a user to a different set of install directories, rather than sudo apt-get install foo) but few people follow those safer steps.

    No, the reason apt wins over Windows isn't because there is no executable factor. There is. But apt wins for other reasons, like having some 16,000 packages available and signed for by the distributor (Debian) -- there's very little chance I'm ever going to install a "third-party" binary on my system in the first place. Also, having the full source available for all those packages doesn't hurt, either...

  24. Re:Wow, they got it right on The Fundamentals of Gaming · · Score: 1

    I agree that after Bloodlines, Everything Changed.

    However, in my view, that just means that SOTN was the first TRUE Castlevania game. The previous games were just attempts to get it right. They finally did.

    I've played the heck out of every Castlevania... but SOTN and after are the ones I'll go back to again, and again, and again.

  25. Re:1,400 years on NMR Shows That Nuclear Storage Degrades · · Score: 1

    Actually, it's genetically sound thinking to claim that your "interest" in their "survival" is directly proportional to their relatedness to you. Richard Dawkins does a good job of setting out the explanation and evidence in "The Selfish Gene" which I'd quote at you, except I've misplaced my copy.